Governments and trading blocs are taking an ever-more global approach to compliance.
For the upcoming year, global regulators are homing in on operational resilience, including cyber security, fraud prevention and sustainability.
We’ve put together the major compliance updates you need to be ready for in 2021.
IMO Cyber Security – 1st Jan 2021
The International Maritime Organisation is implementing Resolution MSC.428(98), aimed at improving the cyber risk profile of the maritime industry.
In 2019, the total value of world shipping hit $14tr (£10.5tr)! This highlights the importance of securing this trade.
The Resolution stresses that organisations should have a plan that is tested and demonstrably improves cyber security over time. It’s no longer enough to have a static cyber risk assessment.
Crucially, cyber security should be a priority from the top of the organisation down, with senior leaders taking ultimate responsibility.
An organisation’s cyber security assessment should identify the gap between the ‘current’ security state and the ‘desired’ one, with an action plan for filling the gaps.
Perhaps most importantly, cyber security awareness should be embedded into all levels of the organisation, with all training and processes taking it into account.
NIST’s Five Functions can be used as a framework for the cyber security assessment – Identify, Protect, Detect, Respond, Recover.
FCA Operational Resilience Statement
Following the Consultation Paper, the FCA, PRA and Bank of England are expected to release their Policy Statement in Q1 2021. This has been delayed for a few months due to the pandemic.
It’s expected to have at least a 12-month implementation period.
The expected outcome is that any organisation regulated by the FCA, PRA or Bank of England will need to have an operational resilience plan encompassing the following 5 principles: prevent, adapt, respond, recover and learn.
To read more about the new operational resilience policy, read our blog post here.
The Policy is also likely to hold organisations responsible for operational disruption in their supply chain. That means many companies that aren’t directly in the financial services sector are likely to be under pressure to abide by the regulations.
EU 5th Anti-Money Laundering Directive (AMLD5)
This was enacted into UK law in January 2020, but businesses have until 10th June 2021 to register. The purpose of the 5th iteration of this regulation is to better equip the EU to prevent financial organisations being used to launder money or fund terrorist organisations.
This amendment enhances transparency of communication between financial organisations and the regulators. Linked to this, it reduces the anonymity of certain users such as those with pre-paid cards or virtual currencies.
It also amends the risk assessment criteria for financial transactions between EU and high-risk non-EU countries.
AMLD4 introduced “obliged entities” beyond financial services. This list has been expanded and now includes:
- Financial and credit institutions
- Financial and legal entities such as tax advisers, notaries, accountants, and gambling service providers
- Crypto-currency traders
- Art dealers and real estate agents with transactions over €10,000 (USD $12k)
- Individuals who conduct cash transactions over €10,000
Those affected will be expected to register with HMRC before the June 2021 deadline.
EU Disclosure Regulations
The EU Disclosure Regulations are already enacted but come into force from March 2021.
The regulation’s purpose is twofold. The first is to standardise how sustainability metrics are demonstrated. With standardised terminology, investors will be able to compare products more easily.
The second is to require financial products to state whether they have any adverse effects on sustainability criteria.
In the Union’s own words: “The reason is that investment decisions and financial advice might cause, contribute to or be directly linked to negative material effects on environment and society, regardless of whether the investment strategy pursue a sustainable objective or not, such as investments in assets that pollute water or devastate bio-diversity, to ensure the sustainability of investments.”
The effect is that sustainable investment has moved from being a ‘nice to have’ to a necessity.
Conclusion | Governance is Key
Governance underpins all the compliance updates on the calendar. A strong governance structure that has been tried & tested will go a long way to demonstrating compliance with the regulatory updates.
Contingent can support you on the compliance journey by proactively monitoring third-party risk factors. Our platform alerts users to events that could disrupt their operations, allowing them to make changes in advance and build resilience.